Daily Summary - 04.02.2021

End-of-Day report

Timeframe: Wednesday 03-02-2021 18:00 - Thursday 04-02-2021 18:00 Handler: Thomas Pribitzer Co-Handler: Dimitri Robl


Malicious Chrome and Edge add-ons had a novel way to hide on 3 million devices

28 malicious extensions disguised traffic as Google Analytics data.


New Fonix ransomware decryptor can recover victims' files for free

Kaspersky has released a decryptor for the Fonix Ransomware (XONIF) that allows victims to recover their encrypted files for free.


How to Audit Password Changes in Active Directory

Today's admins certainly have plenty on their plates, and boosting ecosystem security remains a top priority. On-premises, and especially remote, accounts are gateways for accessing critical information. Password management makes this possible. After all, authentication should ensure that a user is whom they claim to be.


Project Zero: Déjà vu-lnerability

A Year in Review of 0-days Exploited In-The-Wild in 2020


E-scooters are easy to monitor and manipulate

The rental companies' apps are very forthcoming with information. With the transmitted data, an e-scooter can even be switched off while it is being ridden.


Browser sync - what are the risks of turning it on?

Browser synchronization is a handy feature but it comes with a few risks. Here's what you should be asking yourself before you switch it on.


This old form of ransomware has returned with new tricks and new targets

Cerber was once the most common form of ransomware - and now it's back, years after its heyday.



Upcoming Security Updates for Adobe Acrobat and Reader (APSB21-09)

A prenotification security advisory (APSB21-09) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for the week of February 09, 2021.


Critical Bugs Found in Popular Realtek Wi-Fi Module for Embedded Devices

Major vulnerabilities have been discovered in the Realtek RTL8195A Wi-Fi module that could have been exploited to gain root access and take complete control of a device's wireless communications.


Patch now! Security update for SonicWall SMA 100 is here

Attackers are currently targeting SonicWall's SMA 100 remote access system. Patches are now available.


Security updates for Thursday

Security updates have been issued by CentOS (glibc, linux-firmware, perl, and qemu-kvm), Debian (dnsmasq), Fedora (netpbm), Mageia (firefox, messagelib, python and python3, ruby-nokogiri, and thunderbird), Oracle (kernel, perl, and qemu-kvm), Red Hat (flatpak), and SUSE (openvswitch and python-urllib3).


Panasonic Video Insight VMS vulnerable to arbitrary code execution


ZDI-21-151: (0Day) Hewlett Packard Enterprise Moonshot Provisioning Manager khuploadfile Stack-based Buffer Overflow Remote Code Execution Vulnerability


ZDI-21-150: (0Day) Hewlett Packard Enterprise Moonshot Provisioning Manager khuploadfile Directory Traversal Remote Code Execution Vulnerability


Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are affected by CVE-2020-14781


Security Bulletin: IBM SDK Java Quarterly CPU Jul 2020 Vulnerabilities Affect IBM Transformation Extender


Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM i


wpa_supplicant: Vulnerability allows execution of arbitrary program code


Citrix Hypervisor Security Update


Luxion KeyShot


Horner Automation Cscape


WAGO M&M Software fdtCONTAINER (Update A)